How Two Brothers Reportedly Exploited a Controversial Yet Tolerated Ethereum Practice to Make $25 Million


“The Bait” was the first. The highly intricate Ethereum exploit, which targeted the contentious region of “maximal extractable value,” or MEV, was described by U.S. prosecutors in an indictment.

Stay in the know on crypto by frequently visiting Crypto News Today

The brothers Peraire-Bueno, who were in their twenties and had focused on blockchain technology after graduating from a prominent university, started an ambitious project in late 2022 that eventually brought them $25 million. This was one of the most sophisticated cryptocurrency scams in the past ten years or so. U.S. prosecutors claim that they initially laid out a four-step strategy.

“The Bait” was the first. “Unblinding the block” was next, then “The Search,” and lastly “The Propagation.”

CryptoCaster Quick Check:

An indictment states that “in the months that followed, the defendants followed each stage as outlined in their Exploit Plan.”

On Wednesday, the U.S. Department of Justice filed charges against Anton Peraire-Bueno, 24, and James Peraire-Bueno, 28, for allegedly taking advantage of a flaw in a widely used software application that trading bots use on the Ethereum blockchain. During the course of the 12-second exploit in April 2023, the brothers made an estimated $25 million in profits.

How did everything function?

The exploit was made possible by a flaw the brothers found in MEV-boost, a program that allows them to view transactions in blocks before they are formally forwarded to validators and is utilized by almost 90% of the validators that maintain the blockchain.

By rearranging or adding transactions to a block before it is added to the blockchain, validators and builders can levy MEV, or maximal extractable value, from users. This is sometimes referred to as a “invisible tax.”

The practice is sometimes likened to frontrunning in conventional stock markets; however, because it is hard to completely eradicate, the Ethereum community has come to terms with the practice and has only attempted to lessen its negative impacts.

Almost 90% of Ethereum validators use MEV-Boost, a software application, as one of those mitigating techniques. The idea is to make MEV more evenly available to all newcomers.


In their charging document, the prosecutors openly acknowledged this kind of “this is just how it’s done” mentality.

“The stability and integrity of the Ethereum blockchain for all network participants is threatened by tampering with these established MEV-Boost proposals, which are relied upon by the vast majority of Ethereum users,” the indictment states.

Builders, bundlers, searchers, relays, and bots

Users submit transactions on Ethereum, and those submissions are added to a “mempool”—a section of the network where transactions are pending.

These mempool transactions can be assembled by “block builders” using MEV-boost and then placed into blocks.

Subsequently, MEV bots, also known as “searchers,” comb through the mempool to determine which transactions would be profitable to trade. If certain block builders are bribed to rearrange or insert specific transactions, they may be able to extract some additional profit. After those blocks from MEV-boost are inked to the chain by Ethereum validators, they become irreversible.

Usually, the software completes all these steps automatically in a matter of milliseconds.

In this instance, the Peraire-Bueno brothers set up 16 validators with the intention of luring three MEV bots that lacked certain safeguards.

The searchers have a target transaction, a signed transaction that comes before it, and a signed transaction that comes after when they group transactions together.

“The rules of the game are, ‘Well, I give you this bundle, and the bundle has to execute atomically,’ meaning it will only go if all three transactions are included in exactly this order, and any other thing than that, it’s not going to work,” Matt Cutler, the CEO of Blocknative, a blockchain infrastructure firm, told CoinDesk in an interview.

Because the brothers set up malicious validators, their intent was always to seize on the opportunity to exploit the bots that did not have those checks, by pulling apart those transactions.


“The malicious validator got access to signed transactions that were secured and they were then able to manipulate those signed transactions to drain the bots of $25 million in funds because the honeypot transactions were very lucrative, the bots didn’t have checks in place to prevent certain conditions from happening, and they fundamentally trusted the integrity of the validator and MEV-boost ecosystem,” Cutler explained.

“Forgery signatures”

The government made a great effort to show in its accusations how the activities deviated from community norms and into the domain of fraud. The activities were directed at a critical point in the inner workings of the blockchain, at a technical level that even experienced blockchain developers could not understand.

The brothers were specifically charged with sending a “false signature” to a key link in the chain called a “relay” instead of a legitimate digital signature. A proposed block of transactions, including all of the potential profits that are contained within the bundle, cannot be revealed without a signature.

“During this procedure, a relay functions akin to an escrow account, momentarily preserving the otherwise confidential transaction information of the suggested block until the validator pledges to upload the block to the blockchain precisely as directed,” the prosecution stated. “Until the validator has verified via a digital signature that it will publish the proposed block, as structured by the builder, to the blockchain, the relay will not release the transactions within the proposed block to the validator.”

The brothers “knew that the information contained in the false signature was designed to, and did, trick the Relay to prematurely release the full content of the proposed block to the defendants, including the private transaction information,” the prosecutors claimed, based on their planning and research, according to the indictment.

“Stealing is stealing, regardless of the terms that enable that stealing,” stated Cutler.

“It’s not okay to break into your car just because the door is unlocked, right?” He stated.

Certain contentious MEV trading techniques, such as front-running and “sandwich attacks,” can frequently affect Ethereum. However, a lot of important people in the MEV ecosystem consider the exploit from the previous year to be outright theft.

Lead product manager at MetaMask Taylor Monahan stated on X, “Yeah, you should expect to go to prison for a long time lmfao if you steal and launder $25 million dollars.”

“One could argue that it’s a bit of robbing the robbers, but in any case, it was evidently an exploit, a manipulation of rule sets, in a way that appears to be against the jurisdiction’s established laws,” Cutler remarked.

The government claimed that Anton Peraire-Bueno “searched online for, among other things, ‘top crypto lawyers,’ ‘how long is us statute [sic] of limitations,’ ‘wire fraud statute / wire fraud statute [sic] of limitations,’ ‘fraudulent Ethereum addresses database,’ and’money laundering statute [sic] of limitations” in the weeks after the exploit, almost as if to emphasize the point.

James Peraire-Bueno sent an email to a bank representative the day after the exploit, requesting “a safe deposit box that was large enough to fit a laptop,” according to the prosecution.CRYPTOCASTER® - DECENTRALIZED FREEDOM!

We hope you appreciated this article. Before you move on, I was hoping you would consider taking the step of supporting CryptoCaster’s journalism. 

From  Elon Musk, Larry Fink(BlackRock) to Jamie Dimon(JP Morgan Chase) a number of billionaire owners have a powerful hold on so much of the hidden agendas’ which eludes the public concerning the paradigm shift juxtaposed by cryptocurrency and web3 emerging technologies. CryptoCaster is different. We have no billionaire owner or shareholders to consider. Our journalistic efforts are produced to serve the public interest in crypto development and institutional disruptions – not profit motives.

And we avoid the trap that befalls much U.S. and global media – the tendency, born of a desire to please all sides, to engage in false equivalence in the name of neutrality and retail consumer protection. While fairness and transparency dictates everything we do, we know there is a right and a wrong position in the fight against fiat global banking interest and monetary reconstruction precipitated by the emerging crypto ecology.

When we report on issues like the FTX, Binance and Ripple crisis, we’re not afraid to name who or what is uncovered. And as a crypto sentinel, we’re able to provide a fresh, outsider perspective on the global monetary disruption – one so often missing from the insular American and European media bubble. 

Around the world, readers can access the CryptoCaster’s paywall-free journalism because of our unique reader-supported model. That’s because of people like you. Our readers keep us independent, beholden to no outside influence and accessible to everyone – whether they can afford to pay for news and information, or not.

We thankyou for the on-going support our readers have bestowed monetarily. If you have not considered supporting CryptoCaster, if you can, please consider supporting us just once from $1 or more of Bitcoin (satoshi) or Eth, and better yet, support us every month with a little more. Scroll further down this page to obtain CryptoCaster’s wallet addresses.

Thank you.

Kristin Steinbeck
Editor, CryptoCaster

Please Read Essential Disclaimer Information Here.
© 2024 Crypto Caster provides information. does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.

Contribute to CryptoCaster℠ Via Metamask or favorite wallet. Send Coin/Token to Addresses Provided Below.
Thank you!
BTC – bc1qgdnd752esyl4jv6nhz3ypuzwa6wav9wuzaeg9g
ETH – 0x7D8D76E60bFF59c5295Aa1b39D651f6735D6413D
MATIC – 0x7D8D76E60bFF59c5295Aa1b39D651f6735D6413D
LITECOIN – ltc1qxsgp5fykl0007hnwgl93zr9vngwd2jxwlddvqt


You may also like